7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 23:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe
Size

9.3MB
MD5

cc29177b5fd627224baed5dd0a121e19
SHA1

5c9a65bd6e463b751b13f2a639f28d59f91c2944
SHA256

7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c
SHA512

6f51d4b3f7e3083421fc1726e6bd9b954fbb176055736db34521c7b10862d4b122a4ecf761222503b80cec5242a902a62619a732f38c1ce4ad687cce9512e099
SSDEEP

98304:axfZeZiONXe0cK7jfI60f8BYNg3kQVLPXnmGLH376+MyUXnby:aNZekOte0cifXmZNg0ILPXnmGDm3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1516	Logo1_.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Portable Devices\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Speech\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Office 15\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe
File created	C:\Windows\Logo1_.exe	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe
1516	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 4480	4500	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe	89
PID 4500 wrote to memory of 4480	4500	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe	89
PID 4500 wrote to memory of 4480	4500	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe	89
PID 4500 wrote to memory of 1516	4500	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe	91
PID 4500 wrote to memory of 1516	4500	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe	91
PID 4500 wrote to memory of 1516	4500	7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe	91
PID 1516 wrote to memory of 4836	1516	Logo1_.exe	93
PID 1516 wrote to memory of 4836	1516	Logo1_.exe	93
PID 1516 wrote to memory of 4836	1516	Logo1_.exe	93
PID 4836 wrote to memory of 2344	4836	net.exe	95
PID 4836 wrote to memory of 2344	4836	net.exe	95
PID 4836 wrote to memory of 2344	4836	net.exe	95
PID 1516 wrote to memory of 3264	1516	Logo1_.exe	46
PID 1516 wrote to memory of 3264	1516	Logo1_.exe	46

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3264
- C:\Users\Admin\AppData\Local\Temp\7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe
  "C:\Users\Admin\AppData\Local\Temp\7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4500
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF3D6.bat
    3⤵
    PID:4480
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1516
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4836
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
bc75c9efd1365608938d2f535b108715

SHA1
2bdb183f4d4d1ea3b84b1aef86d117d5ae83f004

SHA256
c0f2d8d8b8b0269b0cf8292da7e33d2c01b1c7d2c99f3e5a3e403015aadf4a53

SHA512
aea259527b0bad2b3fbb6e4b92483957cf93ad9d32f147426fe9e97400b2f270c409cb802124cf76ce3165520ca1ae2f314068b0e6e9fef4a1a0059f78f6f019

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
487KB

MD5
f84d8a412eaf95e99397576987bee876

SHA1
6a253eff61b2e9756c84c654f194c84441413964

SHA256
beb6f1a4962d64d861810426508628e28bd242c5674dfd1faf67cec69157695d

SHA512
ecf20dd5592023f9644a4fdbf9cfa259888398fcb69041074682e902977cfae21a990b0c589e566512ca1a83daec6d3e1af0a0b231244d3204ff212880001510

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aF3D6.bat

Filesize
722B

MD5
416b7dd757f8c076ac99d5a9d838b1e3

SHA1
fcc3ad338ca5c35f9fe462187a8528cbd4149a8b

SHA256
1b7854f721a1f3087e0e22cc6f968a62abed29ea4267c37bf52265cb98c65f6e

SHA512
ff9bd8d0514b75ffb372d7c280341c98b71c847458642ba64ad2e7cc7722c5d60fc0294ee4cb5715c77d570d8f32338584baa60a7cb43b3f87e283872d3e1637

Download Submit
C:\Users\Admin\AppData\Local\Temp\7a54c16a3a78bc4e11f47773d21f010cd9fd613ae719b5a185e47b72c352be8c.exe.exe

Filesize
9.3MB

MD5
b86f86ef5c09df3336638ad99b7c0c0f

SHA1
0428ad68c4dd86cebf917582d9de21ad2bdac97f

SHA256
3ef229a273ff767f0dbc891329fa906455e8f696beb5b6611efe9d6f657d7ced

SHA512
cd3ef6725bbc15c2090f3eee10af01766030a428ec39e8dab8f0174961e9aaef1a573fdbba3f7db0e251c5888a83b701cfab8055b28c30474405c2b00e826f97

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
02e821242138028c3b47a66dc20a234b

SHA1
30cc9526d9f6d96c436838f219eda7e65799b6ac

SHA256
07b4df9c43324822bc45a08796e966119f7a3ee0d54751dbe5f0011c9e09afaf

SHA512
bee16d9a9ce3f1812f35abbeff17f72d48614a63d54d0ed510394158253e32288d240c2fb68dec40b617ab6f21f51044399aea55c8bcabd8b5de8f28a9c74a52

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
02e821242138028c3b47a66dc20a234b

SHA1
30cc9526d9f6d96c436838f219eda7e65799b6ac

SHA256
07b4df9c43324822bc45a08796e966119f7a3ee0d54751dbe5f0011c9e09afaf

SHA512
bee16d9a9ce3f1812f35abbeff17f72d48614a63d54d0ed510394158253e32288d240c2fb68dec40b617ab6f21f51044399aea55c8bcabd8b5de8f28a9c74a52

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
02e821242138028c3b47a66dc20a234b

SHA1
30cc9526d9f6d96c436838f219eda7e65799b6ac

SHA256
07b4df9c43324822bc45a08796e966119f7a3ee0d54751dbe5f0011c9e09afaf

SHA512
bee16d9a9ce3f1812f35abbeff17f72d48614a63d54d0ed510394158253e32288d240c2fb68dec40b617ab6f21f51044399aea55c8bcabd8b5de8f28a9c74a52

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3125601242-331447593-1512828465-1000\_desktop.ini

Filesize
10B

MD5
17de2acd7b02442c9cb0e8c0fccf8e96

SHA1
e062bd3af8ffe48988392987af8cbbddddffb804

SHA256
af7f402fe1458d28f48714376dd0e26175e667690e61b41c8bd0e61d818822d3

SHA512
e04d6d828edc3ef3443dfd40f72f76351bf981a16566cf0f31e60015f588440764461b52be088f549e8a2a6fa41370129e60d36b63b66f9a63c6df89f44fdbd8

Download Submit
memory/1516-129-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-18-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-40-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-1083-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-2234-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-4632-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4500-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4500-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download